Commit Graph

7 Commits

Author SHA1 Message Date
Nicholas J. Kain
5eccd4893a
Set FD_CLOEXEC on scriptd(Sock|Stream).
These have no reason to be inherited by the script when it is
run by posix_spawn().
2022-09-07 17:25:22 -04:00
Nicholas J. Kain
f7db9fd5e7
Correct regression introduced by previous commit.
safe_recv(..., len), when used on a blocking fd, will attempt
to call recv and collect data until either EOF, a hard error,
or len bytes are collected.

The previous commit used safe_recv() in a blocking mode to read
a single byte into a buffer that was larger than a byte.  This
would cause ndhc to stall as safe_recv() would try to fill that
buffer when no more data would ever be sent.

This issue would only happen if ndhc is supposed to run a script.

Introduce and use safe_recv_once() that will correct this problem and
fill the semantic gap for blocking fds.  I add a new call because in
some cases the above behavior might be required for a blocking fd, too.

Note that the above issue is not a problem for nonblocking fds; the
EAGAIN or EWOULDBLOCK path will return a short read.
2022-09-07 17:08:43 -04:00
Nicholas J. Kain
ebd2c4c01a
scriptd: Wait to notify s6 until script completes.
The motivation here is to be safe in cases where the script
is setting up firewall rules or tunnels and where subsequent
tasks require these to be complete before starting.

I expect that this is a common case where a script is used.

The implementation behaves almost identically to how ifchd works.
2022-09-07 04:45:30 -04:00
Nicholas J. Kain
898765e0a8
scriptd: Use posix_spawn rather than fork/exec.
Also don't bother providing an artificial environment.
2022-08-09 13:40:10 -04:00
Nicholas J. Kain
12631c59bb
Update to latest nk/exec.c; see ncron repo for changes.
Notably, nk_generate_env() no longer calls malloc().
2022-02-25 06:43:42 -05:00
Nicholas J. Kain
286b86d62c
Preserve errno across signals.
2022-02-24 06:57:49 -05:00
Nicholas J. Kain
a9874d4959
Support running an executable file when a new lease is acquired.
If no 'script-file = SCRIPTFILE' is specified in the configuration
file and if no '-X SCRIPTFILE' or '--script-file SCRIPTFILE'
command argument is provided, then this functionality is entirely
inactive and no associated subprocess is spawned.

Otherwise, ndhc will spawn a subprocess that runs as root that has the
sole job of forking off a subprocess that exec's the specified script in
a sanitized and fixed-state environment whenever a new DHCPv4 lease is
acquired.

Note that this script is provided no information about ndhc or the
DHCP state in the environment or in any argument fields; it is the
responsibility of this script to gather whatever information it needs
from either the filesystem or syscalls.  This design is intended to
avoid the historical problems that are associated with dhcp clients
invoking scripts.

The path of the scriptfile cannot be changed after ndhc is initially
run; ndhc forks off the privsep script subprocess that executes scripts
after it has read the configuration file and command arguments, but
before it begins processing network data; thus, it is impossible for the
network-handling process to modify or influence the script assuming
proper OS memory protection.

The privsep channel communicates that the script should be run by simply
writing a newline; anything else will result in ndhc terminating itself.

Before, the recommended way to update system state after a change in
lease information was to run the fcactus program and watch the
associated leasefile for the interface for modification; now no external
program is needed for this job.
2022-02-24 03:58:37 -05:00
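
Added illustration, not part of the commit log and not ndhc's source: the fill-versus-once receive behaviour described in the f7db9fd5e7 message, exercised on a blocking socketpair carrying the single newline that the a9874d4959 message says requests a script run. The names recv_fill, recv_once, would_block_now and demo are hypothetical, and the 16-byte buffer is an assumed size.

```c
/* Added illustration, not ndhc's code; all function names are hypothetical. */
#include <errno.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fill semantics: loop until len bytes, EOF, a short nonblocking read, or error. */
static ssize_t recv_fill(int fd, char *buf, size_t len) {
    size_t got = 0;
    while (got < len) {
        ssize_t r = recv(fd, buf + got, len - got, 0);
        if (r == 0) break;                                  /* EOF */
        if (r < 0 && errno == EINTR) continue;
        if (r < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) break;
        if (r < 0) return -1;                               /* hard error */
        got += (size_t)r;
    }
    return (ssize_t)got;
}
/* Once semantics: return after the first recv() that is not interrupted. */
static ssize_t recv_once(int fd, char *buf, size_t len) {
    ssize_t r;
    do { r = recv(fd, buf, len, 0); } while (r < 0 && errno == EINTR);
    return r;
}
/* 1 if another blocking recv() on fd would wait: no data queued and no EOF. */
static int would_block_now(int fd) {
    struct pollfd p = { .fd = fd, .events = POLLIN };
    return poll(&p, 1, 0) == 0;
}

/* Send one newline over a blocking socketpair and read it into a 16-byte buffer.
 * close_peer=0: recv_once; returns 1 if it got "\n" and a fill loop would stall.
 * close_peer=1: recv_fill; returns 1 if it got "\n" once EOF ended the loop. */
int demo(int close_peer) {
    int sv[2], ok;
    char buf[16] = {0};                      /* assumed size, larger than 1 byte */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    if (write(sv[0], "\n", 1) != 1) return -1;
    if (close_peer) {
        close(sv[0]);
        ok = recv_fill(sv[1], buf, sizeof buf) == 1 && buf[0] == '\n';
    } else {
        ok = recv_once(sv[1], buf, sizeof buf) == 1 && buf[0] == '\n' && would_block_now(sv[1]);
        close(sv[0]);
    }
    close(sv[1]);
    return ok;
}

int main(void) { return !(demo(0) == 1 && demo(1) == 1); }
```

Calling recv_fill in the close_peer=0 case would block indefinitely, which is why the demo only checks with poll() that nothing further is queued.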